Feb 022017

— The list of entities reporting that employee W-2 data was acquired by phishing.–

Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up. Let’s see how 2017 goes. Here’s the list I’ve got so far, and it will be updated as I become aware of new incidents.  Steve Ragan of Salted Hash has indicated that he will keep track, too, so do check his space also for additional information.

  1. Dracut Schools.
  2. Tipton County Schools 
  3. Odessa School District [“hundreds of employees”]
  4. Campbell County Health  [1,400]
  5. Marin Software
  6. UGI Utilities [1,900]
  7. Sunrun [a “a substantial portion” of 4,000 employees]
  8. Lexington School District Two (SC)
  9. Mercedes Independent School District (TX) [950]
  10. eHealthInsurance (eHealth, Inc.)
  11. Kuhana Associates
  12. Point Coupee Hospital [200]
  13. Morton School District (IL)
  14. Scotty’s Brewhouse (IN) [4,000]
  15. Mitchell Gold + Bob Williams [1,100]
  16. Persante
  17. TransPerfect 
  18. Davidson County Schools (NC)
  19. Belton Independent School District (TX) [1,700]
  20. Argyle School District (TX)
  21. Renovate America (CA)
  22. Manatee County School District [7,900]
  23. Anchor Packaging
  24. Distribution International
  25. Sky Climber, LLC
  26. College of Southern Idaho [2500]
  27.  West Michigan Whitecaps [230]
  28. Adventist Health Tehachapi Valley [Updated to 253]
  29. Verc Enterprises, Inc.
  30. Monarch Beverage (IN)
  31. Corsicana Independent School District
  32. Alton Steel [300]
  33. Mohave Community College
  34. City of Twinsburg, Ohio [500]
  35. Showpay, LLC
  36. SouthEast Alaska Regional Health Consortium
  37. Land Title Guarantee Company
  38. AmTote Intl [350]
  39. Sweeney Drywall Finishes Corp.
  40. Mercer County Schools (WVa) [1800]
  41. Patrick Industries [4,700]
  42. Bloomington Public Schools (MN) [1800]
  43. NEO Tech
  44. Petro 49 (Phishing or Hack??)
  45. Klondex Gold & Silver Mining
  46. Frosch International Travel
  47. Citizens Memorial Hospital 
  48. Driveline Retail
  49. Northwestern College (IA)
  50. Asbury Communities
  51. TrustComm, Inc.
  52. Verato, Inc.
  53. TrueNet Communications [506]  (?)
  54. Pacific Biosciences of California
  55. Bentley Truck Services
  56. Tate Access Floors [7]
  57. Accolade, Inc.
  58. ABNB Federal Credit Union
  59. MBA Consulting Services
  60. Goode Compliance International (? )
  61. Vecellio Group
  62. Astadia, Inc.
  63. Ashland University
  64. Maxor National Pharmacy Services
  65. Virginian Wesleyan College
  66. Amplify
  67. Black River Falls School District
  68. Trenton R-9 School District [260]
  69. Barron Area School District
  70. American Senior Communities* (IN) [“more than 17,000”]
  71. Crotched Mountain Foundation [~1000]
  72. Mount Healthy City Schools [600]
  73. Meridian Health Services [1200]

* Unnamed payroll processor fell for phish.

  11 Responses to “Victims of W-2 phishing scams (2017 list) [STICKY]”

  1. I had a call from someone posing to work for Walgreens said that he didnt work in the store was a floater wanted to change my prescription refills from 30 to 90 days got really bad with all the hacking I had that month in November, had to get rid of my email, contacts and grandchildrens pics and facebook. Gave the info to Walgreens as I felt there was a person standing by the register doing something with his “phone” watching everyone as they were in line. When I left the store, reporting the incident that happened on the phone I notified corporate. They never got back to me although I opened a case, called three times. Of course it may be an inside job, I believe it is, have all the info as I document heavily. So sad to see whats happening to my childrens world, I dont have an email any more by choice

  2. I think I have found a few others, as I have been tracking security issues related to K-12 school districts specifically. Running list at: https://www.edtechstrategies.com/blog/irs-phishing/

    • Thanks, Doug. I checked your list.
      There are three that you list that I didn’t have on mine. One is from today: Bloomington, which I hadn’t picked up yet – thanks!
      But the other two you list that I don’t have are not from 2017. They were both last year: the Olympia School District one and the Maine school one (Brunswick).

      So my count for k-12 schools is now at 13 for this year so far.

      Please do let me know if you find others that you think I’ve missed. I appreciate all help.

  3. Citizens Memorial Hospital??

    • Yes. I added them earlier today. Did you read the linked article? Why the “??” in your comment?

      • It hadn’t yet been added to the phishing list when I first saw it.

        I’d also like to give a shout out to the Montana AG’s office for their updated listings – great new source for breaches!

        • Ah, now I understand. Yeah, I check Montana’s list every day… and the other state lists that I know about. If you see something in a media report that I might miss, do let me know.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>